<?php
//	Copyright (c) 2006 - 2007  Vee Satayamas <vsatayamas@gmail.com>
//	All rights reserved.
//
//	This file is part of Basa-Asa.
//
//  Basa-Asa is free software; you can redistribute it and/or modify
//  it under the terms of the GNU General Public License as published by
//  the Free Software Foundation; either version 2 of the License, or
//  (at your option) any later version.
//
//  Basa-Asa is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//  GNU General Public License for more details.
//
//  You should have received a copy of the GNU General Public License
//  along with Basa-Asa; if not, write to the Free Software
//  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

class UsersController extends AppController
{
	//var $scaffold;
	var $name = 'Users';
	var $helpers = array('Html', 'Form' , 'Text');


 	var $components = array('Session', 'Captcha'); 
	
	function captcha()
	{
        $this->Captcha->render();
    }

    function login()
    {
        //Don't show the error message if no data has been submitted.
        $this->set('error', false); 
		
		
        // If a user has submitted form data:
        if (!empty($this->data))
        {
            // First, let's see if there are any users in the database
            // with the username supplied by the user using the form:
            $someone = $this->User->findByUsername($this->data['User']['username']);

            // At this point, $someone is full of user data, or its empty.
            // Let's compare the form-submitted password with the one in 
            // the database.

            if(!empty($someone['User']['password']) && 
				$someone['User']['password'] == md5($this->data['User']['password']))				
            {
                // Note: hopefully your password in the DB is hashed, 
                // so your comparison might look more like:
                // md5($this->data['User']['password']) == ...

                // This means they were the same. We can now build some basic
                // session information to remember this user as 'logged-in'.

                $this->Session->write('User', $someone['User']);

                // Now that we have them stored in a session, forward them on
                // to a landing page for the application. 

                $this->redirect('/');
            }
            // Else, they supplied incorrect data:
            else
            {

                // Remember the $error var in the view? Let's set that to true:
                $this->set('error', true);
				
            }
        }
    }

    function logout()
    {
        // Redirect users to this action if they click on a Logout button.
        // All we need to do here is trash the session information:

        $this->Session->delete('User');

        // And we should probably forward them somewhere, too...
     
        $this->redirect('/');
    }

    function info($id) 
    {
        $this->data = $this->User->read(null, $id);

    }


	function index() {
        $this->checkAdmin();
		$this->User->recursive = 0;
		$this->set('users', $this->User->findAll());
	}
	
	function register() {
		if(empty($this->data)) {
			$this->render();
		} else {
			$this->cleanUpFields();
			if($this->data['User']['keystr'] != $this->Session->read('captcha')) {
				$this->Session->setFlash('Incorrect human verification key');
				return;				
			}
			uses('sanitize');
            $san = new Sanitize();
            $username = $san->sql($this->data['User']['username']);
			$user = $this->User->find("username = '$username'");
			if($user) {
				$this->Session->setFlash('Username is already used.');
				return;
			}
			
			//FIXME: weather san is needed?
			$email = $this->data['User']['email'];
			
			if ($email == "") {
				$this->Session->setFlash('E-mail address is needed');
				return;								
			}
			
			$db_email = $this->User->find("email = '$email'");
			if($db_email) {
				$this->Session->setFlash('E-mail address is already used.');
				return;				
			}
			
			if ($this->data['User']['new_password'] == "") {
				$this->Session->setFlash('Password address is needed');
				return;								
			}
			
			if($this->data['User']['new_password_re'] !=
			 	$this->data['User']['new_password']) {
					$this->Session->setFlash('Password is mismatch');
					return;								
			}
			$this->data['User']['password'] = md5($this->data['User']['new_password']);
			$this->data['User']['group_id'] = 2;
			if($this->User->save($this->data,  true)) {
				$this->Session->setFlash('The User has been saved');
        		$this->redirect('/users/login');
			} else {
				$this->Session->setFlash('Please correct errors below.');
			}
			
		}
	}
	
	function add() {
        $this->checkAdmin();
		if(empty($this->data)) {
			$this->set('groupArray', $this->User->Group->generateList());
			$this->render();
		} else {
			$this->cleanUpFields();
            uses('sanitize');
            $san = new Sanitize();
            $username = $san->sql($this->data['User']['username']);
            $user = $this->User->find("username = '$username'");
            if($user) { //$this->User->find("username =" . $this->data['User']['username'])) {
                $this->Session->setFlash('Username is already used.');
                $this->set('groupArray', $this->User->Group->generateList());
            } else {
                if($this->User->save($this->data,  true, array("first_name", "last_name", "group_id", "username")) && 
                   $this->data['User']['new_password']  &&
                   $this->data['User']['new_password'] == $this->data['User']['new_password_re'] &&
                   $this->User->saveField('password', md5($this->data['User']['new_password_re']))) {
                    $this->Session->setFlash('The User has been saved');
                    $this->redirect('/users/index');
                } else {
                    $this->Session->setFlash('Please correct errors below.');
                    $this->set('groupArray', $this->User->Group->generateList());
                }
            }
		}
	}

    function preference($id) {
        $this->checkSession();
        if($this->userId() == $id) {
            if(empty($this->data)) {
                $this->data = $this->User->read(null, $id);
                $this->set('groupArray', $this->User->Group->generateList());
            } else {
                $this->cleanUpFields(); // FIXME: wtf is this command?
                $user = $this->getUser();
                $ok = False;
                
                if($user['password'] == md5($this->data['User']['old_password']) &&
                   $this->User->save($this->data, true, array("first_name", "last_name", "group_id"))) {
                    if(!$this->data['User']['new_password']) {
                        $ok = True;
                    } else if($this->data['User']['new_password'] == $this->data['User']['new_password_re']) {
                        $h = md5($this->data['User']['new_password']);
                        if($this->User->saveField('password', $h)) {
                            $ok = True;
                        }
                    }
                }

                if($ok) {
                    $this->Session->setFlash('The User has been saved');
                    $this->redirect('/users/index');
                } else {
                    $this->Session->setFlash('Please correct errors below.');
                    $this->set('groupArray', $this->User->Group->generateList());
                }
            }
        } else {
            $this->redirect("/users/login/");
        }
    }

	function edit($id) {
        $this->checkAdmin();
        if($this->userId() == $id) {
            $this->redirect('/users/preference/' . $id); 
        }
		if(empty($this->data)) {
			$this->data = $this->User->read(null, $id);
			$this->set('groupArray', $this->User->Group->generateList());
		} else {
			$this->cleanUpFields();
			if($this->User->save($this->data, true, 
                                 array("first_name", "last_name", "group_id")
                                 )
               ) {
                if($this->data['User']['new_password']) {
                    if($this->User->saveField('password', 
                                              md5($this->data['User']['new_password']))) {
                           $ok = True;
                        }
                } else {
                    $ok = True;
                }
            }
            if($ok) {
                $this->Session->setFlash('The User has been saved');
                $this->redirect('/users/index');
            } else {
                $this->Session->setFlash('Please correct errors below.');
                $this->set('groupArray', $this->User->Group->generateList());
            }
        }
	}

	function delete($id) {
        $this->checkAdmin();
        $delFlag = False;
        if($this->userId() != $id) {
            if($this->User->del($id)) {
                $this->Session->setFlash('The User deleted: id '.$id.'');
                $delFlag = True;
            }
        }
        if(!$delFlag) {
            $this->Session->setFlash('Cannot delete: id '.$id.'');
        }
        $this->redirect('/users/index');
    }

}
?>
